Blokování připojení k internetu, 8t5r.exe,450p41.exe...

[eanej]

Dobrý den,
od včera nefunguje na notebooku internet (stránku nelze zobrazit atd, na router se lze pripojit), ve spustenych procesech jsou pustene aplikace typu 8t5r.exe atd... kdyz je vsechny povypinam tak internet sice chvilinku jde, ale za okamzik se tyto aplikace pusti znova.
Vice v logu :
log : -----
Logfile of random's system information tool 1.08 (written by random/random)
Run by user at 2010-08-19 10:59:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 91 GB (60%) free of 153 GB
Total RAM: 1015 MB (62% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-602609370-1801674531-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-602609370-1801674531-1003UA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-06-08 1434920]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-04-14 1044480]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2008-07-25 888832]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
"ewrgetuj"=C:\DOCUME~1\user\LOCALS~1\Temp\geurge.exe [2010-08-18 73728]
"dloznc"=C:\WINDOWS\system32\mstxtupn.dll [2010-08-18 36865]
"note"= []
"userini"=C:\WINDOWS\system32\userini.exe [2010-08-19 45568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"csrcs"=C:\WINDOWS\system32\csrcs.exe [2008-04-14 586830]
"c9udna"=C:\DOCUME~1\user\LOCALS~1\Temp\450p41.exe [2010-08-18 41472]
"42386aj"=C:\DOCUME~1\user\LOCALS~1\Temp\8t5r.exe [2010-08-18 41472]
"apps"=C:\WINDOWS\fonts\services.exe [2008-04-14 34816]
"q3mr2"=C:\DOCUME~1\user\LOCALS~1\Temp\ov8gec9.exe [2010-08-18 41984]
"userini"=C:\WINDOWS\system32\userini.exe [2010-08-19 45568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-07-27 136176]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"NetLog2"=C:\WINDOWS\svc2.exe [2010-08-18 211830]
"{3FBF0E12-1678-C4A9-4F72-F14862848AE2}"=C:\Documents and Settings\user\Data aplikací\Uryln\vyfya.exe [2010-05-08 146432]
"note"=C:\DOCUME~1\NETWOR~1\ntl.dll [2009-03-21 17920]
"userini"=C:\WINDOWS\system32\userini.exe [2010-08-19 45568]
"NetLog3"=C:\WINDOWS\svc3.exe [2010-08-19 211831]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"userini"=C:\WINDOWS\system32\userini.exe [2010-08-19 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
C:\WINDOWS\system32\AccelerometerSt.exe [2006-01-16 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-07-27 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.1\ICQ.exe [2010-08-09 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-11 287800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\user\Nabídka Start\Programy\Po spuštění
scand.dll
scand.lnk - C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\DOCUME~1\user\DATAAP~1\Mozilla\WINUPL~1\msftldr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mrdpjpdj.dll, mhtxnpdf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"
"C:\WINDOWS\fonts\services.exe"="C:\WINDOWS\fonts\services.exe:*:Enabled:services.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-08-19 10:59:34 ----D---- C:\Program Files\trend micro
2010-08-19 10:59:33 ----D---- C:\rsit
2010-08-19 10:50:28 ----A---- C:\WINDOWS\system32\userini.exe
2010-08-19 10:43:03 ----A---- C:\WINDOWS\system32\mhtxnpdf.dll
2010-08-18 07:09:58 ----A---- C:\WINDOWS\svc3.exe
2010-08-18 07:09:13 ----A---- C:\WINDOWS\system32\mrdpjpdj.dll
2010-08-18 07:09:13 ----A---- C:\WINDOWS\system32\~~.tmp
2010-08-18 07:09:00 ----A---- C:\WINDOWS\system32\mstxtupn.dll
2010-08-18 07:08:49 ----A---- C:\WINDOWS\svc2.exe
2010-08-13 00:51:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2183461$
2010-08-13 00:50:49 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-13 00:50:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-13 00:50:27 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-13 00:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-13 00:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-13 00:45:44 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-13 00:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-13 00:43:31 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-10 21:28:52 ----D---- C:\Documents and Settings\user\Data aplikací\AVI ReComp
2010-08-10 21:28:37 ----D---- C:\Program Files\Gabest
2010-08-10 21:28:22 ----D---- C:\Program Files\Xvid
2010-08-10 21:27:52 ----D---- C:\Program Files\AviSynth 2.5
2010-08-10 21:26:22 ----D---- C:\Program Files\AVI ReComp
2010-08-03 14:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-07-31 13:11:43 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-07-31 13:11:40 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-07-31 13:11:39 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys

======List of files/folders modified in the last 1 months======

2010-08-19 10:59:34 ----RD---- C:\Program Files
2010-08-19 10:52:30 ----D---- C:\WINDOWS\Temp
2010-08-19 10:51:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-19 10:50:28 ----D---- C:\WINDOWS\system32
2010-08-19 10:49:40 ----D---- C:\Documents and Settings\user\Data aplikací\Sauwci
2010-08-19 10:48:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-19 10:46:43 ----D---- C:\WINDOWS\Prefetch
2010-08-19 10:43:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-19 10:43:17 ----A---- C:\WINDOWS\explorer.exe
2010-08-18 19:04:16 ----RSD---- C:\WINDOWS\Fonts
2010-08-18 10:40:17 ----D---- C:\Documents and Settings\user\Data aplikací\ICQ
2010-08-18 07:10:13 ----D---- C:\Documents and Settings\user\Data aplikací\Mozilla
2010-08-18 07:09:58 ----D---- C:\WINDOWS
2010-08-14 18:42:31 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-14 18:40:59 ----RSD---- C:\WINDOWS\assembly
2010-08-14 17:20:40 ----D---- C:\Documents and Settings\user\Data aplikací\BSplayer
2010-08-14 13:18:03 ----D---- C:\Program Files\PokerStars
2010-08-13 10:30:25 ----HD---- C:\WINDOWS\inf
2010-08-13 00:50:54 ----A---- C:\WINDOWS\imsins.BAK
2010-08-13 00:50:52 ----D---- C:\WINDOWS\system32\drivers
2010-08-13 00:50:48 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-13 00:49:48 ----SHD---- C:\WINDOWS\Installer
2010-08-13 00:49:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-13 00:49:06 ----D---- C:\WINDOWS\WinSxS
2010-08-13 00:43:52 ----D---- C:\Program Files\Movie Maker
2010-08-12 18:51:21 ----D---- C:\Program Files\ICQ7.1
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-27 20:26:50 ----SD---- C:\WINDOWS\Tasks
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-24 11:48:23 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2006-01-10 17920]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 SFAUDIO;Sonic Focus DSP Driver; C:\WINDOWS\system32\drivers\sfaudio.sys [2008-03-28 24064]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-01-10 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2009-04-14 339456]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2009-03-12 112896]
R3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2009-01-14 534568]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2009-01-14 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-01-14 991656]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-01-14 47272]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2009-03-19 9216]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2009-08-10 1765168]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-06-08 208304]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2009-06-04 297728]
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2010-04-28 2696448]
S3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2009-01-14 156816]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-16 41472]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-12-11 346720]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 yksvc;Marvell Yukon Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2001-10-25 3584]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[cernohous13]

Zdravím a vítám tě u nás.

Abych ti mohl pomoci, vykonej následující doporučení:
Odinstaluj nelegální NOD32 - použij http://www.nod32.nl/download/tool/nod32removal.exe
Nainstaluj Avast http://www.asw.cz/cze/download-avast-home.html
nebo Aviru http://www.free-av.com/en/trialpay_down ... virus.html

Na PC s přístupem na internet stáhni HJT - http://free.antivirus.com/hijackthis/
Přenes do napadeného počítače - spusť a log dej do své odpovědi

[eanej]

Vyplnil jsem vsechny Vase rozkazy, ale internet je stále pomalý. Waiting for orders

log z hijackthis --

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:37, on 22.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvdirect.iamwired.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NetLog3] C:\WINDOWS\svc3.exe
O4 - HKCU\..\Run: [NetLog2] C:\WINDOWS\svc2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6346 bytes

[cernohous13]

Na ruční přebírání je toho dost - pustíme tam nástroj

Stáhni si ComboFix
a ulož ho na plochu.
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

[eanej]

tak bohuzel ten combofix nejde pustit pise to ze system windows nema pristup k zarizeni, ceste nebo aplikaci a ze nemam opravneni, i kdyz sem prihlasenej jako spravce,,,

[cernohous13]

Smaž starý ComboFix

Stáhni ComboFix zde: http://www.bleepingcomputer.com/downloa ... s/combofix
Ulož ho přejmenovaný jako "zmije.com" na plochu

návod na použití: http://www.bleepingcomputer.com/combofi ... t-combofix

restart no douzového režimu s prací v síti (F8) - spustit - log sem zkopíruj

[eanej]

tak sem musel vytvorit novej ucet pac na tom starym to neslo pustit ani v nouzovym rezimu




ComboFix 10-09-12.04 - Gidkun 13.09.2010 12:39:15.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.766 [GMT 2:00]
Spuštěný z: c:\documents and settings\Gidkun\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2008.exe
c:\documents and settings\All Users\Nabídka Start\Programy\FLV Direct Player
c:\documents and settings\All Users\Nabídka Start\Programy\FLV Direct Player\FLV Direct Player.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\FLV Direct Player\Uninstall FLV Direct Player.lnk
c:\documents and settings\All Users\Plocha\FLV Direct Player.lnk
c:\program files\FLV Direct Player
c:\program files\FLV Direct Player\downloading.swf
c:\program files\FLV Direct Player\FLVPlayer.exe
c:\program files\FLV Direct Player\player.swf
c:\program files\FLV Direct Player\preload.swf
c:\program files\FLV Direct Player\Skin\DirectFLV\Button.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Logo.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\skin.xml
c:\program files\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Window.bmp
c:\program files\FLV Direct Player\uninstall.exe
c:\windows\Fonts\mlog
c:\windows\svc2.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\comsats.sys
c:\windows\system32\Install.txt
c:\windows\system32\service.sys
c:\windows\system32\szetyj67v.txt

Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\userinit.exe

Nakažená kopie c:\windows\system32\drivers\ndis.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\ndis.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-13 do 2010-09-13 )))))))))))))))))))))))))))))))
.

2010-09-13 10:29 . 2010-09-13 10:29 -------- d-----w- c:\documents and settings\Gidkun\Bluetooth Software
2010-09-13 08:41 . 2010-09-13 08:41 -------- d--h--w- c:\documents and settings\Administrator\Okolní tiskárny
2010-09-13 08:41 . 2010-09-13 08:41 -------- d--h--w- c:\documents and settings\Administrator\Okolní síť
2010-09-13 08:41 . 2010-09-13 08:41 -------- d-----w- c:\documents and settings\Administrator\Plocha
2010-09-13 08:41 . 2010-09-13 08:41 -------- d-----w- c:\documents and settings\Administrator\Oblíbené položky
2010-09-13 08:41 . 2010-09-13 08:41 -------- d-----w- c:\documents and settings\Administrator\Dokumenty
2010-09-13 08:41 . 2010-09-13 08:41 -------- d-----r- c:\documents and settings\Administrator\Nabídka Start
2010-09-13 08:41 . 2010-09-13 08:41 -------- d-----w- c:\windows\system32\drivers\NSS
2010-09-13 08:41 . 2010-09-13 08:41 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-13 08:29 . 2010-09-13 08:51 -------- d--h--r- c:\documents and settings\Administrator\Data aplikací
2010-09-13 08:29 . 2010-09-13 08:39 -------- d-----w- c:\documents and settings\Administrator
2010-09-13 08:29 . 2010-09-13 08:39 -------- d--h--w- c:\documents and settings\Administrator\Šablony
2010-09-13 08:11 . 2010-09-13 08:11 -------- d-----w- c:\windows\system32\LogFiles
2010-09-10 19:21 . 2010-09-10 19:21 -------- d-----w- c:\program files\ESET
2010-09-10 16:53 . 2010-09-13 08:40 -------- d-----w- c:\program files\Norton Security Scan
2010-09-10 16:53 . 2010-09-10 16:53 -------- d-----w- c:\program files\NortonInstaller
2010-09-10 14:01 . 2010-08-12 04:07 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-09-10 14:01 . 2010-08-12 04:07 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-09-10 13:53 . 2010-09-13 08:41 -------- d-----w- c:\program files\DivX
2010-08-21 11:55 . 2010-08-21 11:56 -------- d-----w- c:\temp\_asw_aisI.tm~a05052
2010-08-21 11:54 . 2010-08-21 11:55 -------- d-----w- C:\TEMP
2010-08-21 11:51 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-21 11:51 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-21 11:51 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-21 11:51 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-21 11:51 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-21 11:51 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-21 11:51 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-21 11:51 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-21 11:51 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-21 11:50 . 2010-08-21 11:50 -------- d-----w- c:\program files\Alwil Software
2010-08-19 10:02 . 2010-08-19 10:02 -------- d-----w- c:\program files\CCleaner
2010-08-19 09:48 . 2010-08-20 11:33 -------- d-----w- c:\program files\trend micro
2010-08-19 09:12 . 2010-08-19 09:12 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-19 08:59 . 2010-08-19 08:59 -------- d-----w- C:\rsit
2010-08-18 05:11 . 2010-08-18 05:11 210816 -c--a-w- c:\windows\system32\dllcache\ndis.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 08:41 . 2010-05-23 10:04 -------- d-----w- c:\program files\ICQ7.1
2010-08-20 15:31 . 2001-10-25 14:00 93094 ----a-w- c:\windows\system32\perfc005.dat
2010-08-20 15:31 . 2001-10-25 14:00 457730 ----a-w- c:\windows\system32\perfh005.dat
2010-08-19 08:49 . 2010-08-18 05:09 0 ----a-w- c:\windows\system32\~~.tmp
2010-08-19 08:43 . 2004-08-17 13:49 1034240 ----a-w- c:\windows\explorer.exe
2010-08-14 11:18 . 2010-05-20 10:32 -------- d-----w- c:\program files\PokerStars
2010-08-12 04:07 . 2010-06-22 17:20 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-08-12 04:07 . 2010-06-22 17:20 133616 ------w- c:\windows\system32\pxafs.dll
2010-08-10 19:28 . 2010-08-10 19:26 -------- d-----w- c:\program files\AVI ReComp
2010-08-10 19:28 . 2010-08-10 19:28 -------- d-----w- c:\program files\Gabest
2010-08-10 19:28 . 2010-08-10 19:28 -------- d-----w- c:\program files\Xvid
2010-08-10 19:27 . 2010-08-10 19:27 -------- d-----w- c:\program files\AviSynth 2.5
2010-06-30 12:33 . 2004-08-17 13:49 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:12 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:12 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 09:02 . 2004-08-17 13:44 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-20 16:34 . 2010-06-20 16:34 0 ----a-w- c:\windows\nsreg.dat
2010-06-17 14:03 . 2004-08-17 13:49 80384 ----a-w- c:\windows\system32\iccvid.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-08 1434920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-04-14 1044480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-11 604776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
2006-01-16 20:01 53248 ----a-w- c:\windows\system32\accelerometerST.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-27 18:26 136176 ----atw- c:\documents and settings\user\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-08-22 11:02 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 13:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 11:14 24064]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.8.2010 13:51 165456]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.8.2010 13:51 17744]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [17.8.2004 15:49 14336]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [25.10.2001 16:00 3584]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [28.4.2010 10:49 227896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
Obsah adresáře 'Naplánované úlohy'

2010-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-09-10 c:\windows\Tasks\Norton Security Scan for user.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-10 07:48]

2010-09-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-14 20:18]
.
.
------- Doplňkový sken -------
.
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Gidkun\Data aplikací\Mozilla\Firefox\Profiles\c059sc8m.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-winsad32 - winsad32.dll
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1 - c:\program files\ESET\ESET NOD32 Antivirus\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-13 12:48
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3336)
c:\windows\system32\btmmhook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-09-13 12:51:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-13 10:51

Před spuštěním: Volných bajtů: 96 290 701 312
Po spuštění: Volných bajtů: 96 466 550 784

- - End Of File - - 58A0E615032AB3F799F14F96D97FE374

[cernohous13]

Nemáš ComboFix na ploše, přesuň jej tam.
Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CF script

Kód: Vybrat vše

KillAll::

Folder::
c:\program files\ESET

File::
c:\temp\_asw_aisI.tm~a05052
c:\windows\system32\~~.tmp
c:\windows\system32\regedt32.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

Driver::
NOD32FiXTemDono

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Skener" > Provést rychlý sken > Skenovat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení